parent
768267c131
commit
4dfc349914
|
@ -37,6 +37,7 @@ import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
|
|||
import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
import org.springframework.core.convert.converter.Converter;
|
||||
import org.springframework.security.saml2.Saml2Exception;
|
||||
import org.springframework.security.saml2.core.OpenSamlInitializationService;
|
||||
import org.springframework.security.saml2.core.Saml2ParameterNames;
|
||||
|
@ -72,6 +73,8 @@ class OpenSamlAuthenticationRequestResolver {
|
|||
|
||||
private final NameIDBuilder nameIdBuilder;
|
||||
|
||||
private Converter<HttpServletRequest, String> relayStateResolver = (request) -> UUID.randomUUID().toString();
|
||||
|
||||
/**
|
||||
* Construct a {@link OpenSamlAuthenticationRequestResolver} using the provided
|
||||
* parameters
|
||||
|
@ -94,6 +97,10 @@ class OpenSamlAuthenticationRequestResolver {
|
|||
Assert.notNull(this.nameIdBuilder, "nameIdBuilder must be configured in OpenSAML");
|
||||
}
|
||||
|
||||
void setRelayStateResolver(Converter<HttpServletRequest, String> relayStateResolver) {
|
||||
this.relayStateResolver = relayStateResolver;
|
||||
}
|
||||
|
||||
<T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request) {
|
||||
return resolve(request, (registration, logoutRequest) -> {
|
||||
});
|
||||
|
@ -123,7 +130,7 @@ class OpenSamlAuthenticationRequestResolver {
|
|||
if (authnRequest.getID() == null) {
|
||||
authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));
|
||||
}
|
||||
String relayState = UUID.randomUUID().toString();
|
||||
String relayState = this.relayStateResolver.convert(request);
|
||||
Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleSignOnServiceBinding();
|
||||
if (binding == Saml2MessageBinding.POST) {
|
||||
if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
|
||||
|
|
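Review bot: The value returned by `this.relayStateResolver.convert(request)` in `resolve` is used as the RelayState with no check, whereas the line it replaces always produced a fresh random UUID. A custom `Converter` may return `null` or echo request data, and how the rest of `resolve` treats that lies outside the hunk, so I would either validate the result here or state the contract in a comment. The package-private `setRelayStateResolver` also assigns the field without a null check. That is safe only while the public setter's `Assert.notNull` guards every call, which deserves a comment such as `// non-null: checked by the public resolver before delegating`. The SAML bindings specification limits RelayState to 80 bytes, so a length expectation is worth documenting as well.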
|
@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
|
||||
import org.opensaml.saml.saml2.core.AuthnRequest;
|
||||
|
||||
import org.springframework.core.convert.converter.Converter;
|
||||
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
|
||||
|
@ -78,6 +79,16 @@ public final class OpenSaml4AuthenticationRequestResolver implements Saml2Authen
|
|||
this.clock = clock;
|
||||
}
|
||||
|
||||
/**
|
||||
* Use this {@link Converter} to compute the RelayState
|
||||
* @param relayStateResolver the {@link Converter} to use
|
||||
* @since 5.7
|
||||
*/
|
||||
public void setRelayStateResolver(Converter<HttpServletRequest, String> relayStateResolver) {
|
||||
Assert.notNull(relayStateResolver, "relayStateResolver cannot be null");
|
||||
this.authnRequestResolver.setRelayStateResolver(relayStateResolver);
|
||||
}
|
||||
|
||||
public static final class AuthnRequestContext {
|
||||
|
||||
private final HttpServletRequest request;
|
||||
|
|
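Review bot: The Javadoc on the new public `setRelayStateResolver` says only that the `Converter` computes the RelayState, which leaves implementers without the security contract for that value. RelayState is sent to the asserting party and comes back through the browser, so the Javadoc should say that it must not carry secrets and must be validated on return, in particular before it is used as a redirect target. It should also name the default, for example `* The default generates a random UUID for each request.`, and say whether the converter may return `null`. The `Assert.notNull` on the argument is good; no check on the converter's output is visible in this section.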